Module io.helidon.webserver.cors
Package io.helidon.webserver.cors

Interface CorsPathConfig

All Superinterfaces:
Prototype.Api
All Known Implementing Classes:
CorsPathConfig.BuilderBase.CorsPathConfigImpl
@Contract public interface CorsPathConfig extends Prototype.Api
Configuration of CORS for a specific path.
See Also:

  • Method Details

    • builder

      static CorsPathConfig.Builder builder()
      Create a new fluent API builder to customize configuration.
      Returns:
      a new builder

    • builder

      static CorsPathConfig.Builder builder(CorsPathConfig instance)
      Create a new fluent API builder from an existing instance.
      Parameters:
      instance - an existing instance used as a base for the builder
      Returns:
      a builder based on an instance

    • create

      static CorsPathConfig create(Config config)
      Create a new instance from configuration.
      Parameters:
      config - used to configure the new instance
      Returns:
      a new instance configured from configuration

    • create

      @Deprecated static CorsPathConfig create(Config config)
      Deprecated.
      use create(io.helidon.config.Config)
      Create a new instance from configuration.
      Parameters:
      config - used to configure the new instance
      Returns:
      a new instance configured from configuration

    • pathPattern

      String pathPattern()
      Path pattern to apply this configuration for. Note that paths are checked in sequence, and the first path that matches the request will be used to configure CORS.

      Always configure the most restrictive rules first.

      Returns:
      path pattern as understood by WebServer routing

    • exclusive

      boolean exclusive()
      Whether this acts as an exclusive configuration for the configured pathPattern. If exclusive, any CORS request matching the pattern will be exclusively handled with this configuration. If not exclusive, only CORS request matching the pattern AND a method will be handled by this configuration.
      Returns:
      whether this is an exclusive configuration for the provided path, defaults to true

    • enabled

      boolean enabled()
      Whether this CORS configuration should be enabled or not. If disabled, this configuration will be ignored, and the next path will be checked.
      Returns:
      whether this configuration is enabled

    • allowOrigins

      Set<String> allowOrigins()
      Set of allowed origins, defaults to all.

      If not empty, this will be used with "Access-Control-Allow-Origin" header. Note that allowed origins may be either a full origin, such as http://www.example.com, or a regular expression. Any origin that contains (\), or *, or curly braces is considered a regular expression (i.e. http://.*\.example\.com).

      If you configure a regular expression, it would never be returned if all allowed origins are returned in a pre-flight request.

      Returns:
      allowed origins

    • allowHeaders

      Set<String> allowHeaders()
      Set of allowed headers, defaults to all.

      If not empty, this will be used in "Access-Control-Allow-Headers" header.

      Returns:
      allowed headers

    • allowMethods

      Set<String> allowMethods()
      Set of allowed methods, defaults to all.
      Returns:
      allowed methods

    • exposeHeaders

      Set<String> exposeHeaders()
      Set of exposed headers, defaults to none.

      If not empty, this will be used in "Access-Control-Expose-Headers" header.

      Returns:
      exposed headers

    • allowCredentials

      boolean allowCredentials()
      Whether to allow credentials.

      If enabled, this will be used in "Access-Control-Allow-Credentials" header.

      Returns:
      whether to allow credentials, defaults to false

    • maxAge

      Duration maxAge()
      Max age as a duration.

      This value will be used in "Access-Control-Max-Age" header (in seconds).

      For backward compatibility, you can specify the following when used from configuration:

      • integer (such as 3600) - number of seconds as a number
      • integer ms (such as 10000 ms) - number of milliseconds
      • duration format (such as PT1H) - format of Duration
      Returns:
      max age